US10223292B2ActiveUtilityA1

Securing stream buffers

50
Assignee: MICROSOFT TECHNOLOGY LICENSING LLCPriority: Nov 28, 2016Filed: Nov 28, 2016Granted: Mar 5, 2019
Est. expiryNov 28, 2036(~10.4 yrs left)· nominal 20-yr term from priority
G06F 2212/1052G06F 12/1458G06F 13/1673
50
PatentIndex Score
0
Cited by
22
References
20
Claims

Abstract

Described are examples for securing stream data received from a stream source. A secure mode can be enabled, based on a request from an application, for storing the stream data captured from the stream source in a secured buffer. The secured buffer can be allocated in a secure memory based at least in part on enabling the secure mode. A secured buffer identifier of the secured buffer can be provided to a driver of a device providing the stream source for storing the stream data captured from the stream source in the secured buffer. The secured buffer identifier of the secured buffer can also be provided to the application for accessing the stream data stored in the secured buffer.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for securing stream data received from a stream source, comprising:
 enabling, based on a request from an application executing on an operating system, a secure mode of the operating system for storing the stream data captured from the stream source in a secured buffer; 
 allocating, based at least in part on enabling the secure mode, the secured buffer in a secure memory; 
 providing, based at least in part on enabling the secure mode, a secured buffer identifier of the secured buffer to a driver of a device providing the stream source, wherein the driver executes in a kernel mode of the operating system to receive stream data from the stream source and store the stream data in the secured buffer based on the secured buffer identifier; and 
 providing, based at least in part on enabling the secure mode, the secured buffer identifier of the secured buffer to the application, wherein the application accesses the stream data stored in the secured buffer based on the secured buffer identifier. 
 
     
     
       2. The method of  claim 1 , further comprising:
 enabling a driver secure mode at the driver of the device based at least in part on enabling the secure mode; and 
 causing the driver to store the stream data in the secured buffer based at least in part on providing, by the driver, the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode. 
 
     
     
       3. The method of  claim 2 , wherein allocating the secured buffer comprises receiving a plurality of secured buffer identifiers from the secure framework component, and further comprising selecting the secured buffer identifier from the plurality of secured buffer identifiers. 
     
     
       4. The method of  claim 2 , wherein the secure framework component stores the stream data in the secured buffer at a location corresponding to the secured buffer identifier. 
     
     
       5. The method of  claim 1 , further comprising:
 retrieving, by the application, the stream data from the secured buffer based at least in part on providing the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode. 
 
     
     
       6. The method of  claim 1 , further comprising:
 allocating a non-secured buffer for the stream data based on a request from a second application for non-secured use of the device; 
 causing the driver to store the stream data in the secured buffer; and 
 causing the driver to store the stream data in the non-secured buffer for access by the second application. 
 
     
     
       7. The method of  claim 1 , wherein the device is a camera, and the request from the application corresponds to performing face authentication by the application. 
     
     
       8. A device for securing stream data received from a stream source, comprising:
 a memory storing one or more parameters or instructions for executing a stream server, wherein the stream server interfaces with the stream source; and 
 at least one processor coupled to the memory, wherein the at least one processor is configured to:
 enable, based on a request from an application executing on an operating system, a secure mode of the operating system for storing the stream data captured from the stream source in a secured buffer; 
 allocate, based at least in part on enabling the secure mode, the secured buffer in a secure memory; 
 provide, based at least in part on enabling the secure mode, a secured buffer identifier of the secured buffer to a driver of a device providing the stream source, wherein the driver executes in a kernel mode of the operating system to receive stream data from the stream source and store the stream data in the secured buffer based on the secured buffer identifier; and 
 provide, based at least in part on enabling the secure mode, the secured buffer identifier of the secured buffer to the application, wherein the application accesses the stream data stored in the secured buffer based on the secured buffer identifier. 
 
 
     
     
       9. The device of  claim 8 , wherein the at least one processor is further configured to:
 enable a driver secure mode at the driver of the device based at least in part on enabling the secure mode; and 
 cause the driver to store the stream data in the secured buffer based at least in part on providing, by the driver, the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode. 
 
     
     
       10. The device of  claim 9 , wherein the at least one processor is further configured to receive a plurality of secured buffer identifiers from the secure framework component, and select the secured buffer identifier from the plurality of secured buffer identifiers. 
     
     
       11. The device of  claim 9 , wherein the secure framework component stores the stream data in the secured buffer at a location corresponding to the secured buffer identifier. 
     
     
       12. The device of  claim 8 , wherein the at least one processor is further configured to:
 retrieve, by the application, the stream data from the secured buffer based at least in part on providing the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode. 
 
     
     
       13. The device of  claim 8 , wherein the at least one processor is further configured to:
 allocate a non-secured buffer for the stream data based on a request from a second application for non-secured use of the device; 
 cause the driver to store the stream data in the secured buffer; and 
 cause the driver to store the stream data in the non-secured buffer for access by the second application. 
 
     
     
       14. The device of  claim 8 , wherein the device is a camera, and the request from the application corresponds to performing face authentication by the application. 
     
     
       15. A non-transitory computer-readable medium, comprising code executable by one or more processors for securing stream data received from a stream source, the code comprising code for:
 enabling, based on a request from an application executing on an operating system, a secure mode of the operating system for storing the stream data captured from the stream source in a secured buffer; 
 allocating, based at least in part on enabling the secure mode, the secured buffer in a secure memory; 
 providing, based at least in part on enabling the secure mode, a secured buffer identifier of the secured buffer to a driver of a device providing the stream source, wherein the driver executes in a kernel mode of the operating system to receive stream data from the stream source and store the stream data in the secured buffer based on the secured buffer identifier; and 
 providing, based at least in part on enabling the secure mode, the secured buffer identifier of the secured buffer to the application, wherein the application accesses the stream data stored in the secured buffer based on the secured buffer identifier. 
 
     
     
       16. The non-transitory computer-readable medium of  claim 15 , further comprising code for:
 enabling a driver secure mode at the driver of the device based at least in part on enabling the secure mode; and 
 causing the driver to store the stream data in the secured buffer based at least in part on providing, by the driver, the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode. 
 
     
     
       17. The non-transitory computer-readable medium of  claim 16 , wherein code for allocating further receives a plurality of secured buffer identifiers from the secure framework component, and wherein the code for storing selects the secured buffer identifier from the plurality of secured buffer identifiers. 
     
     
       18. The non-transitory computer-readable medium of  claim 15 , further comprising code for:
 retrieving, by the application, the stream data from the secured buffer based at least in part on providing the secured buffer identifier to a secure framework component, wherein the secure framework component has access to the secure memory in a secure kernel mode. 
 
     
     
       19. The non-transitory computer-readable medium of  claim 15 , further comprising code for:
 allocating a non-secured buffer for the stream data based on a request from a second application for non-secured use of the device; 
 causing the driver to store the stream data in the secured buffer; and 
 causing the driver to store the stream data in the non-secured buffer for access by the second application. 
 
     
     
       20. The non-transitory computer-readable medium of  claim 15 , wherein the device is a camera, and the request from the application corresponds to performing face authentication by the application.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.